1 Answer
2
Hello,
You can only use control plane audit logs to track which user ran a particular kubectl
command. Use CloudWatch Logs Insights to query through the EKS control plane log data.
The example query below will retrieve all the Kubernetes operations performed by users in your cluster.

```
fields @timestamp, user.username as user, verb as action, objectRef.name as object
| filter @logStream like /^kube-apiserver-audit/
| filter user.username not like 'system:'
| filter user.username not like 'eks:'
| filter verb not like 'watch'
| filter verb not like 'list'
| sort @timestamp desc
```
For example, you can query all the activity performed by username1:

```
fields @logStream, @timestamp, @message
| filter @logStream like /^kube-apiserver-audit/
| filter strcontains(user.username,"username1")
| sort @timestamp desc
| limit 50
```
To view the logs in Amazon CloudWatch Logs, you must turn on Amazon EKS control plane logging. You can find EKS control plane logs in the /aws/eks/cluster-name/cluster log group.
answered a year ago
That worked excellent; only thing is you should choose the time ranges too properly. Thanks
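The first query's filters applied offline to exported audit events, with an explicit time window, as an added example that is not part of the original answer or AWS's own code. The sample events, usernames and the `user_actions` helper are constructed for illustration; the field names follow the Kubernetes audit event format.

```python
import json
from datetime import datetime, timezone

# Constructed sample (not real cluster data): one audit event per line.
SAMPLE_EVENTS = """\
{"verb":"delete","user":{"username":"username1"},"objectRef":{"resource":"pods","name":"web-1"},"requestReceivedTimestamp":"2024-01-10T09:15:02.000000Z"}
{"verb":"create","user":{"username":"system:serviceaccount:kube-system:replicaset-controller"},"objectRef":{"resource":"pods","name":"web-2"},"requestReceivedTimestamp":"2024-01-10T09:15:03.000000Z"}
{"verb":"list","user":{"username":"username1"},"objectRef":{"resource":"pods"},"requestReceivedTimestamp":"2024-01-10T09:16:00.000000Z"}
{"verb":"update","user":{"username":"eks:example-component"},"objectRef":{"resource":"configmaps","name":"example"},"requestReceivedTimestamp":"2024-01-10T09:17:00.000000Z"}
{"verb":"patch","user":{"username":"username2"},"objectRef":{"resource":"deployments","name":"web"},"requestReceivedTimestamp":"2024-01-10T10:30:00.000000Z"}
{"verb":"create","user":{"username":"username1"},"objectRef":{"resource":"secrets","name":"db-creds"},"requestReceivedTimestamp":"2024-01-09T23:59:00.000000Z"}
not-json: truncated line
"""

EXCLUDED_USERS = ("system:", "eks:")  # substring match, like the query's `not like`
EXCLUDED_VERBS = ("watch", "list")


def parse_ts(value):
    # Audit timestamps are RFC 3339 in UTC, e.g. 2024-01-10T09:15:02.000000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def user_actions(lines, start, end):
    """Return (timestamp, user, verb, object) rows in [start, end), newest first."""
    rows = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        user = (event.get("user") or {}).get("username", "")
        verb = event.get("verb", "")
        stamp = event.get("requestReceivedTimestamp")
        if not user or not stamp:
            continue  # assumption: events without a user or timestamp are skipped
        if any(s in user for s in EXCLUDED_USERS) or any(v in verb for v in EXCLUDED_VERBS):
            continue
        ts = parse_ts(stamp)
        if start <= ts < end:
            name = (event.get("objectRef") or {}).get("name", "")
            rows.append((ts, user, verb, name))
    return sorted(rows, key=lambda r: r[0], reverse=True)


if __name__ == "__main__":
    day = datetime(2024, 1, 10, tzinfo=timezone.utc)
    for ts, user, verb, name in user_actions(SAMPLE_EVENTS.splitlines(), day, datetime(2024, 1, 11, tzinfo=timezone.utc)):
        print(ts.isoformat(), user, verb, name)
```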